Fool me once, fool me twice
It’s not as if machine learning models aren’t incredibly easy to fool?
The transcript of a keynote I gave at the Future of Cyber Security conference held at Prospero House in London in November 2024, during which I talked about machine learning, the internet of things, edge computing, and how the new attack surfaces introduced by the arrival of artificial intelligence changes things.
Everyone loves a zero day, they’re exciting. They’re why a lot of us ended up doing security work in the first place. Realistically though, no matter how good a news story they make when they’re discovered, and how much fun we have with them, we all know that most security breaches aren’t from those. They’re from someone clicking on a link in a phishing email and entering their details into a fake website.
Statistics that suggest that somewhere between 80 to 90 percent of attacks start with a phishing email. Inevitably humans are the biggest vulnerability in any system, the least secure part, and it’s likely that’s not going to change any time soon.
